Enlarge image
Breaking into the ventricles of the heart
: hackers are taking more and more professional action against companies, and the damage caused by cyber attacks is increasing considerably
Photo: Andrew Brookes / imago images / Westend61
The Omicron virus variant is spreading rapidly around the world, driving infections in many industrialized countries to new heights every day, and in many places factories are already standing still.
Nevertheless, companies worldwide no longer see the pandemic as the greatest risk to their business.
This is the most surprising result of the "Allianz Risk Barometer 2022".
The industrial insurer AGCS, which belongs to the Allianz Group, surveyed 2,650 company bosses, risk managers and insurance brokers from 89 countries.
Last year, 40 percent still rated the pandemic as a risk, making Corona the second-biggest business risk – right behind business interruptions.
The pandemic has now slipped to fourth place (22 percent), and in Germany even to 8th place (13 percent).
Business disruption and cyber attacks as the greatest risk
Instead, companies around the world fear something else: attacks on their IT systems. 44 percent of the entrepreneurs and experts surveyed for the Allianz Risk Barometer saw cyber attacks as one of the top three business risks. Business interruption (42 percent) and natural disasters (25 percent) follow in second and third place. Among those surveyed in Germany, the order was slightly different. Here, business interruptions (55 percent) came ahead of cyber attacks (50 percent) and natural disasters (30 percent).
Many companies only experienced how quickly their own IT systems can be endangered in December.
At that time, the security hole Log4j was discovered, the Federal Office for Information Security spoke of a "serious threat situation", in America the FBI and NSA intervened.
In many companies, IT experts began to search feverishly to see if they were using the software anywhere.
Individual cases and the names of affected companies are only rarely made public in the case of cyber attacks, and the exact damage caused is even rarer.
However, it can be significant.
"Medium double-digit" million damage after cyber attack
AGCS expert Jens Krickhahn uses an example to explain how seriously a hacker attack can hit a company: A major customer of the insurer was attacked with ransomware in 2021 and blackmailed at the same time. The company did not pay the requested ransom, but thanks to its "good level of IT maturity" it was able to "limit" the effects, says Krickhahn. The damage was still in the "mid double-digit million range".
Although damage from cyber attacks of this magnitude is not the rule, the attacks themselves are becoming increasingly commonplace: According to Accenture consultants, their number skyrocketed by 125 percent worldwide in the first half of 2021 compared to the same period last year.
Ransomware and extortion attempts were one of the main reasons for this increase. According to the FBI, ransomware incidents in the United States increased by 62 percent over the same period, after a 20 percent increase in 2020.
more on the subject
Expert estimate: Cyber attacks in the home office cause billions in damage
Podcast on Hacking: What executives need to know about the new data thieves
AGCS sees this development in cyber risks as confirmed by its own loss statistics.
In 2016, the insurer recorded 80 cyber claims to be settled.
In 2020 he was already involved in more than 1000 cyber claims, and the trend for 2021 is increasing.
The average amount of damage per successful cyber attack has recently increased significantly.
According to security software specialist Sophos, the average total cost of recovery and downtime (23 days on average) after a ransomware attack more than doubled in 2021, from around $761,000 to $1.85 million on average.
The stoppage of production is particularly expensive for many companies.
At AGCS, the costs for the business interruption and for restoring operations in a company accounted for more than half of the damage amount on average.
Only half of the companies get a cyber policy
"The hackers are now attacking in an extremely professional manner," says AGCS expert Krickhahn.
Despite the growing attention of companies to the topic and increasing investments in IT security, they would more and more often break into the heart of the company and then blackmail them.
"Ransomware has become big business for cybercriminals who are honing their tactics and lowering the barriers to entry."
AGCS sees a need to catch up, especially among medium-sized and smaller companies.
The problem: By no means all companies that ask for insurance cover against cyber risks actually get it.
According to AGCS, around half of the applications from the companies are rejected because their IT security precautions have not progressed far enough and the risks for the insurer are obviously too great.
Companies are now prepared for the pandemic
While many companies are not yet prepared for a possible digital pandemic, the corona pandemic is different.
80 percent of the companies surveyed felt well prepared for renewed outbreaks, only 11 percent felt they were not sufficiently prepared.
The concerns of the companies, especially with regard to health and workers, are decreasing, says AGCS expert Jürgen Wiemann, Head of Property Insurance Central and Eastern Europe.
However, the insurer had already surveyed the companies in November and early December, when the Omicron variant was not yet widespread.
Wiemann concedes: This could have influenced the assessment of the respondents.
Incidentally, the German respondents at the time were more worried about a number of other problems than Corona.
In addition to business disruptions, cyber attacks and natural disasters, climate change, possible changes in legislation or regulations, fire and explosions and market developments were also considered more worrying than another major pandemic with sick employees and lockdown.
rei
